This thread might be better suited for krb...@mit.edu, but I'll leave it here.
On 05/02/2015 10:57 AM, John Hascall wrote: > Is there a reason why the kadm5_hook interface does not seem to have any > support for a principal "rename" operation? An oversight, I think. The rename operation was added a few months after the kadm5_hook interface, based on patches which predated that interface. It looks like I did the integration work and didn't notice the missing piece. I will file a ticket, and will create a pull request from your patch. (Almost all MIT krb5 changes go through github.com/krb5/krb5 pull requests, but we can create pull requests for patches submitted in other ways.) > Because we do bi-directional password sync (MIT KDC <--> WinAD KDC), > we need a way to prevent an endless loop of the same password change going > around and around forever. I don't have a ready answer for this, so I will file a ticket. A a parameter for the invoking principal wouldn't be unreasonable, but adding one for all kadm5_hook interfaces would require a lot of churn at this point. Adding it just for the chpass operation might not be so bad. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
